ITU-T Work Programme

[2022-2024] : [SG17] : [Q7/17]

[Declared patent(s)] - [Associated work] - [Publication]

Work item:

X.1150 (ex X.saf-dfs)

Subject/title:

Security assurance framework for digital financial services

Status:

Approved on 2024-03-01 [Issued from previous study period]

Approval process:

TAP

Type of work item:

Recommendation

Version:

New

Equivalent number:

Timing:

Liaison:

ISO/IEC JTC 1/SC 27/WG5

Supporting members:

Summary:

This work item is based on FIGI deliverable for security assurance framework. The provision of digital finance services (DFS) involves a complex ecosystem with the participation of different stakeholders such as banks, DFS provider, mobile network operators (MNOs), DFS platform providers, regulators, agents, merchants, payment service providers, device manufacturers, application developers, token service providers, OEMs, and clients. The DFS Security Assurance Framework provides an overview of the security threats and vulnerabilities facing the DFS providers (banks, non-banks providing mobile money services), mobile network operators, customers, payment system providers, merchants, and technology services/third-party service providers. Regulators including telecom authorities, banking, and payment regulators could also make use of the DFS Security Assurance Framework for establishing security baselines for the DFS providers as well. The DFS Security Assurance Framework recommends a structured methodology for managing security risks that the DFS providers offering digital financial services could implement to: Enhance customer trust and confidence in digital financial services. Clarify the role and responsibilities of each of the stakeholders in the ecosystem. Identify security vulnerabilities and related threats within the ecosystem. Establish security controls to provide end to end security. Strengthen management practices with respect to security risk management that is inclusive of all DFS stakeholders.

Comment:

Reference(s):

[SG17-TD1772R1/PLEN (2024-02)

]